Thanks, I found the error, our auto add script needs more checking, added the SSLEngine on, cert/key/CA directives correctly, but it added <virtualhost i.p [i:p] > ... omitting ":443", fixed and all is good. Seems a CSR added it as HTML, then whilst it was loading realized she forgot to check the ssl box, did it and reloaded .. devs arse kicked, and tighter submission checking now in place to error if that happens again :) On 11/12/14, Jeff Trawick <trawick@xxxxxxxxx> wrote: > On Wed, Nov 12, 2014 at 5:05 AM, Nick Edwards <nick.z.edwards@xxxxxxxxx> > wrote: > >> Hello, >> >> Have a problem on one server where SNI does not appear to work, the >> only difference is the very first vhost is non SSL, the SSL is loaded >> second - works, then it loads some more http vhosts, - they work, >> then loads some SSL sites of same .domain - they work too, then it >> tries to load SSL site of another domain - this fails, apache reports >> no errors, but clients including using latest firefox, get wrong cert >> error, is there an ordering issue? or did something else break? >> >> Disc: Use latest apache >> version of openssl \exceeds minimum required for SNI. >> >> Thanks >> > > It would help to see your Apache httpd version and a sketch of your > SSL-related configuration. > > -- > Born in Roswell... married an alien... > http://emptyhammock.com/ > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|